Archiving off legacy LOLUtilz

Archive-Old-Version/LOLUtilz/OtherMSBinaries/Winword.yml

@@ -0,0 +1,29 @@
+---
+Name: winword.exe
+Description: Document editor included with Microsoft Office.
+Author: 'Oddvar Moe'
+Created: 2018-05-25
+Commands:
+  - Command: winword.exe /l dllfile.dll
+    Description: Launch DLL payload.
+    Usecase: Execute a locally stored DLL using winword.exe.
+    Category: Execute
+    Privileges: User
+    MitreID: T1218
+    MitreLink: https://attack.mitre.org/wiki/Technique/T1218
+    OperatingSystem: Windows
+Full_Path:
+  - Path: c:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
+Code_Sample:
+  - Code:
+Detection:
+  - IOC:
+Resources:
+  - Link: https://twitter.com/vysecurity/status/884755482707210241
+  - Link: https://twitter.com/Hexacorn/status/885258886428725250
+Acknowledgement:
+  - Person: Vincent Yiu (cmd)
+    Handle: '@@vysecurity'
+  - Person: Adam (Internals)
+    Handle: '@Hexacorn'
+---